CVE-2025-5731 – Infinispan CLI Plaintext Password Disclosure Vulnerability

June 26, 2025

CVE ID : CVE-2025-5731

Published : June 26, 2025, 10:15 p.m. | 3 hours, 19 minutes ago

Description : A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

Severity: 6.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2015-0842 – Yubiserver SQL Injection Vulnerability

Next Article CVE-2015-0843 – Yubiserver sprintf Buffer Overflow

Highlights

CVE-2025-32455 – Quantenna Wi-Fi Command Injection Vulnerability

June 8, 2025

CVE ID : CVE-2025-32455

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

OpenAI’s Sam Altman breaks silence on Microsoft feud with Satya Nadella — citing “points of tension” amid evolution plans

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Salesforce Marketing Cloud Engagement vs. Oracle Eloqua

Exploring Lucidworks Fusion and Coveo Using Apache Solr

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

CVE-2025-5731 – Infinispan CLI Plaintext Password Disclosure Vulnerability

CVE-2014-0468 – FusionForge Apache Script Execution Vulnerability

CVE-2014-6274 – Git-Annex AWS S3 and Glacier Unencrypted Credentials Storage Vulnerability

CVE-2020-36846 – Brotli Embedded Library Buffer Overflow Vulnerability

Distribution Release: Red Hat Enterprise Linux 10.0

Rnote 0.12 Released with Improved Linux Note-Taking Features

ACM Human-Computer Interaction Conference (CHI) 2025

CVE-2025-32455 – Quantenna Wi-Fi Command Injection Vulnerability

MiniMax AI Releases MiniMax-M1: A 456B Parameter Hybrid Model for Long-Context and Reinforcement Learning RL Tasks

CVE-2025-4032 – InclusionAI AWorld Os Command Injection Vulnerability

CVE-2024-39442 – Sprd SSense Service Missing Permission Check Vulnerability

CVE-2025-5731 – Infinispan CLI Plaintext Password Disclosure Vulnerability

Related Posts